How to Generate a Passphrase by Using the pktool setpin Command

You can generate a passphrase for an object in a keystore, and for the
keystore itself. The passphrase is required to access the object or keystore.
For an example of generating a passphrase for an object in a keystore, see Example 15–4.

Generate a passphrase for access to a keystore.

% pktool setpin keystore=nss|pkcs11 dir=directory

Answer the prompts.

If the keystore does not have
a password already set, press the Return key to create the
password.

Enter current token passphrase:Press the Return key
Create new passphrase:Type the passphrase that you want to use
Re-enter new passphrase:Retype the passphrase
Passphrase changed.

The keystore is now protected by passphrase.
If you lose the passphrase, you lose access to the objects in the keystore.

Example 15–5 Protecting a Keystore With a Passphrase

The following example shows how to set the passphrase for an NSS database.
Because no passphrase has been created, the user presses the Return key
at the first prompt.